Question 1

The secretarial  community often takes on the leadership role in addressing risk.____________

Accepted Answer

A) True 
 B)False

Question 2

What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?

Accepted Answer

A)  Risk exposure report 
B)  Threats-vulnerabilities-assets worksheet 
C)  Costs-risks-prevention database 
D)  Threat assessment catalog 
A)  Risk exposure report 
B)  Threats-vulnerabilities-assets worksheet 
C)  Costs-risks-prevention database 
D)  Threat assessment catalog

Question 3

Having an established risk management program means that an organization's assets are completely protected.

Accepted Answer

A) True 
 B)False

Question 4

Which of the following is an example of a technological obsolescence threat?

Accepted Answer

A)  Hardware equipment failure 
B)  Unauthorized access 
C)  Outdated servers 
D)  Malware 
A)  Hardware equipment failure 
B)  Unauthorized access 
C)  Outdated servers 
D)  Malware

Question 5

Assigns a risk-rating ranked value to each uncontrolled asset-vulnerability pair.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 6

List the stages in the risk identification process in order of occurrence.

Accepted Answer

Plan and Organize Process Create System

Question 7

A formal access control methodology used to assign a level ofconfidentiality to an information asset and thus restrict the number of people who can access it is known as a data categorization scheme.____________

Accepted Answer

A) True 
 B)False

Question 8

Classification categories must be mutually exclusive and which of the following?

Accepted Answer

A)  Repeatable 
B)  Unique 
C)  Comprehensive 
D)  Selective 
A)  Repeatable 
B)  Unique 
C)  Comprehensive 
D)  Selective

Question 9

Remains even after current control has been applied.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 10

For the purposes of relative risk assessment how is risk calculated?

Accepted Answer

Risk equals likelihood of vuln

Question 11

An evaluation of the threats to information assets,including adetermination of their potential to endanger the organization is known as exploit assessment.____________

Accepted Answer

A) True 
 B)False

Question 12

Labels that must be comprehensive and mutually exclusive.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 13

What is defined as specific avenues that threat agents can exploit to attack an information asset?

Accepted Answer

A)  Liabilities 
B)  Defenses 
C)  Vulnerabilities 
D)  Weaknesses 
A)  Liabilities 
B)  Defenses 
C)  Vulnerabilities 
D)  Weaknesses

Question 14

Which of the following is a network device attribute that may be used in conjunction with DHCP,making asset-identification using this attribute difficult?

Accepted Answer

A)  Part number 
B)  Serial number 
C)  MAC address 
D)  IP address 
A)  Part number 
B)  Serial number 
C)  MAC address 
D)  IP address

Question 15

The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.

Accepted Answer

A)  Vulnerability mitigation controls 
B)  Risk assessment estimate factors 
C)  Exploit likelihood equation 
D)  Attack analysis calculation 
A)  Vulnerability mitigation controls 
B)  Risk assessment estimate factors 
C)  Exploit likelihood equation 
D)  Attack analysis calculation

Question 16

What should you be armed with to adequately assess potential weaknesses in each information asset?

Accepted Answer

A)  Properly classified inventory 
B)  Audited accounting spreadsheet 
C)  Intellectual property assessment 
D)  List of known threats 
A)  Properly classified inventory 
B)  Audited accounting spreadsheet 
C)  Intellectual property assessment 
D)  List of known threats

Question 17

An approach to combining risk identification,risk assessment,and risk appetiteinto a single strategy.is known as risk protection.___________

Accepted Answer

A) True 
 B)False

Question 18

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair. ____________ ​

Accepted Answer

A) True 
 B)False

Question 19

As each information asset is identified,categorized,and classified,a ________ value must also be assigned to it.

Accepted Answer

The answer of As each information asset is identified,categorized,and classified,a...

Question 20

The recognition,enumeration,and documentation of risks to anorganization's information assets.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

The secretarial community often takes on the leadership role in addressing risk.____________

What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?

Having an established risk management program means that an organization's assets are completely protected.

Which of the following is an example of a technological obsolescence threat?

Assigns a risk-rating ranked value to each uncontrolled asset-vulnerability pair.

List the stages in the risk identification process in order of occurrence.

A formal access control methodology used to assign a level ofconfidentiality to an information asset and thus restrict the number of people who can access it is known as a data categorization scheme.____________

Classification categories must be mutually exclusive and which of the following?

Remains even after current control has been applied.

For the purposes of relative risk assessment how is risk calculated?

An evaluation of the threats to information assets,including adetermination of their potential to endanger the organization is known as exploit assessment.____________

Labels that must be comprehensive and mutually exclusive.

What is defined as specific avenues that threat agents can exploit to attack an information asset?

Which of the following is a network device attribute that may be used in conjunction with DHCP,making asset-identification using this attribute difficult?

The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.

What should you be armed with to adequately assess potential weaknesses in each information asset?

An approach to combining risk identification,risk assessment,and risk appetiteinto a single strategy.is known as risk protection.___________

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair. ____________

As each information asset is identified,categorized,and classified,a ________ value must also be assigned to it.

The recognition,enumeration,and documentation of risks to anorganization's information assets.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 6: Risk Management: Identifying and Assessing Risk

The secretarial community often takes on the leadership role in addressing risk.____________

What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?

Having an established risk management program means that an organization's assets are completely protected.

Which of the following is an example of a technological obsolescence threat?

Assigns a risk-rating ranked value to each uncontrolled asset-vulnerability pair.

List the stages in the risk identification process in order of occurrence.

A formal access control methodology used to assign a level ofconfidentiality to an information asset and thus restrict the number of people who can access it is known as a data categorization scheme.____________

Classification categories must be mutually exclusive and which of the following?

Remains even after current control has been applied.

For the purposes of relative risk assessment how is risk calculated?

An evaluation of the threats to information assets,including adetermination of their potential to endanger the organization is known as exploit assessment.____________

Labels that must be comprehensive and mutually exclusive.

What is defined as specific avenues that threat agents can exploit to attack an information asset?

Which of the following is a network device attribute that may be used in conjunction with DHCP,making asset-identification using this attribute difficult?

The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.

What should you be armed with to adequately assess potential weaknesses in each information asset?

An approach to combining risk identification,risk assessment,and risk appetiteinto a single strategy.is known as risk protection.___________

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair. ____________ ​

As each information asset is identified,categorized,and classified,a ________ value must also be assigned to it.

The recognition,enumeration,and documentation of risks to anorganization's information assets.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair. ____________